Sudo is a tool that allows commands to be run as root or other users,
with command logging and fine-grained access controls.

Quest Sudo adds two features to the standard Sudo application: Active Directory
group matching for access controls, and newgrp-style group changing.

Active Directory group matching

Quest Sudo can use Quest Authentication Services to make access control decisions based on Active
Directory group memberships – even for groups that are not Unix-enabled.

newgrp-style group changing

Quest Sudo adds the ability for users to change their primary group to any
group permitted by the system administrator. This provides a more secure
mechanism than newgrp by avoiding the need for shared passwords.

Documentation

The
howto documents both general Sudo usage in
an enterprise environment, as
well as how to take advantage of the Quest-specific enhancements.